Huge rise in number of criminals using bogus law firms


Cyber crime: increased risks for solicitors

The number of reported attempts trying to defraud the public by using bogus law firms soared by 57% last year, the Solicitors Regulation Authority (SRA) revealed yesterday.

The news came with the publication of an SRA guide to combating cybercrime, which the regulator brought forward in light of the scam this week targeted at solicitors through an e-mail that appears to be from the SRA itself.

According to Spiders in the Web, the SRA received 549 reports of fake firms in 2013, many of which advertise online and operate by stealing the identity of an existing, real law firm.

This can be used as a method of stealing money from clients that are tricked into thinking they are dealing with a genuine law firm.

As well as bogus firms, the SRA said the use of harmful software has also been of increasing concern. Other potential risks include hacking and online activism – the guide recounted how in 2012 the ‘Anti-sec’ online activist group hacked into the servers of a Washington law firm that was acting for a US soldier convicted of war crimes in Iraq.

They obtained tens of thousands of e-mails and posted them online, including confidential information from unrelated cases.

A spokesman for the group said that they may attack others “if law firms stick their necks out in defence of notoriously corrupt corporations”.

Other real-life instances highlighted in the guide included a Canadian law firm working on a proposed acquisition of a Chinese company that was targeted by data thieves. Lawyers working on the deal received e-mails that appeared to be from a partner in the firm who was involved in the transaction.

The e-mails were actually a targeted phishing operation, and contained an attachment which installed a computer program on to the firm’s IT systems. This recorded data and information, and allowed the third party to access it. The attack was eventually traced to computers in China, with commercial espionage the presumed motive.

The SRA said that it did not intend to cause alarm. “There are simple steps that law firms can take to help protect themselves from criminals. These help to turn businesses from soft to hard targets.”

For example, it said commercial identity theft can be guarded against with many of the same concepts as used against personal identity theft, such as ensuring the secure destruction of documents that carry sensitive information about the firm.

The SRA also advised that firms should also at least occasionally monitor references to themselves online and on sites such as ‘Find a Solicitor’, which may help detect fake branches.

Andrew Garbutt, SRA director of risk, said the SRA e-mail scam “shows that the risks we are identifying are very real with genuine consequences, and that all firms should make themselves aware of the issues, assess how they could affect them and take steps to mitigate against them”.

The guide can be found here and a 2012 SRA warning notice on bogus law firms and identity theft here.

Tags:




Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Reports

No larger firm can ignore the demands of innovation – that was the clear message from our most recent roundtable: “The law firm of the future”, sponsored by LexisNexis Enterprise Solutions. It comes in many forms, predominantly but not just technology, and is not simply a case of automating process. Expertise and process are not mutually exclusive.

Blog

14 November 2018

How accessible is your recruitment process?

Recognising the benefits of employing disabled people in the legal profession, and attracting talented disabled candidates is a great start, but of little use if your recruitment process is not inclusive nor accessible.

Read More